Tag Archives: time

There was a time when hackers simply defaced websites to get attention, then they started hijacking them to spread banking trojan and ransomware, and now the trend has shifted towards injecting scripts into sites to mine cryptocurrencies.

Thousands of government websites around the world have been found infected with a specific script that secretly forces visitors’ computers to mine cryptocurrency for attackers.

The cryptocurrency mining script injection found on over 4,000 websites, including those belonging to UK’s National Health Service (NHS), the Student Loan Company, and data protection watchdog Information Commissioner’s Office (ICO), Queensland legislation, as well as the US government’s court system.

Users who visited the hacked websites immediately had their computers’ processing power hijacked, also known as cryptojacking, to mine cryptocurrency without their knowledge, potentially generating profits for the unknown hacker or group of hackers.

It turns out that hackers managed to hijack a popular third-party accessibility plugin called “Browsealoud,” used by all these affected websites, and injected their cryptocurrency-mining script into its code.

Browsealoud is a popular third-party browser plugin that helps blind and partially-sighted users access the web by converting site text to audio.

The script that was inserted into the compromised Browsealoud software belongs to CoinHive—a browser-based Monero mining service that offers website administrators to earn revenue by utilizing CPU resources of visitors.

The mining software was found in more than 4,200 websites, including The City University of New York (cuny.edu), Uncle Sam’s court information portal (uscourts.gov), the UK’s Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner’s Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), UK NHS services, Manchester.gov.uk, NHSinform.scot, agriculture.gov.ie, Croydon.gov.uk, ouh.nhs.uk, legislation.qld.gov.au, the list goes on.

After UK-based infosec consultant Scott Helme raised the alarm about this hack when one of his friends mentioned getting anti-virus alerts on a UK Government website, BrowseAloud’s operator Texthelp took down its site to resolve the issue.

Here’s what Texthelp’s chief technology officer Martin McKay said in a blog post:

“In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year. Our data security action plan was actioned straight away and was effective, the risk was mitigated for all customers within a period of four hours.”

“Texthelp has in place continuously automated security tests for Browsealoud – these tests detected the modified file, and as a result, the product was taken offline.”

This action eventually removed Browsealoud from all websites immediately, addressing the security issue without its customers having to take any action.

The company also assured that “no customer data has been accessed or lost,” and that its customers will receive a further update as soon as the security investigation gets completed.

Uber is in headlines once again—this time for concealing last year’s data breach that exposed personal data of 57 million customers and drivers.

On Tuesday, Uber announced that the company suffered a massive data breach in October 2016 that exposed names, e-mail addresses and phone numbers of 57 million Uber riders and drivers along with driver license numbers of around 600,000 drivers.

However, instead of disclosing the breach, the company paid $100,000 in ransom to the two hackers who had access to the data in exchange for keeping the incident secret and deleting the information, according to a report published by Bloomberg.

Uber said none of its own systems were breached, rather two individuals outside the company inappropriately accessed and downloaded 57 million Uber riders’ and drivers’ data that was stored on a third-party cloud-based service.

The cyberattack exposed the names and driver license numbers of some 600,000 drivers in the United States, and the names, emails, and mobile phone numbers of around 57 million Uber users worldwide, which included drivers as well.

However, the company said other personal details, such as trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth, were not accessed in the attack.

Uber Hid 57 Million User Data Breach For Over a Year

According to Bloomberg report, former Uber CEO Travis Kalanick learned of the cyber attack in November 2016, when the company was negotiating with the Federal Trade Commission (FTC) on a privacy settlement.

So, the company chose to pay the two hackers $100,000 to delete the stolen information and keep quiet about the incident and finally agreed to the FTC settlement three months ago, without admitting any wrongdoing.

Uber Technologies Inc. only told the FTC about the October 2016 data incident on Tuesday, when the breach was made public by Bloomberg.

However, this secret payment eventually cost Uber security executives their jobs for handling the incident.

Now Uber CEO Dara Khosrowshahi has reportedly asked for the resignation of Uber Chief Security Officer Joe Sullivan, and one of his deputies, Craig Clark, who worked to keep the attack quiet.

“None of this should have happened, and I will not make excuses for it. While I cannot erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi said.

“We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

The company also says that it is monitoring the affected accounts for fraudulent activity and that riders do not need to take any action against this incident. It’s likely that Uber will be forcing its customers to reset their passwords for its app.

Another day, another data breach. This time a fast-fashion retailer has fallen victim to payment card breach.

American clothes retailer Forever 21 announced on Tuesday that the company had suffered a security breach that allowed unknown hackers to gain unauthorized access to data from payment cards used at a number of its retail locations.

The Los Angeles based company, which operates over 815 stores in 57 countries, didn’t say which of its stores were affected, but it did note that customers who shopped between March and October this year may be affected.

Forever 21 learned of the breach after the retailer received a report from a third-party monitoring service, suggesting there may have been “unauthorized access to data from payment cards that were used at certain FOREVER 21 stores.”

Besides this, the company also revealed that it implemented encryption and token-based authentication systems in 2015 that are intended to protect transaction data on its point-of-sale (PoS) machines in its stores.

However, due to dysfunctional of the security layers on certain PoS devices, hackers were able to gain unauthorized access to data from payment cards at some Forever 21 stores, the company admitted.

Since the investigation of its payment card systems is still ongoing, complete findings of the incident, including the number of customers potentially affected, are not available at the moment.

“Forever 21 immediately began an investigation of its payment card systems and engaged a leading security and forensics firm to assist,” the US clothing retailer said while announcing the data breach.

“We regret that this incident occurred and apologize for any inconvenience. We will continue to work to address this matter.”

Meanwhile, customers who shopped at Forever 21 are advised to monitor their payment card statements carefully, and immediately notify their banks that issued the card for any unauthorized charge.

The Mozilla Foundation today announced the release of its much awaited Firefox 57, aka Quantum web browser for Windows, Mac, and Linux, which claims to defeat Google’s Chrome.

It is fast. Really fast. Firefox 57 is based on an entirely revamped design and overhauled core that includes a brand new next-generation CSS engine written in Mozilla’s Rust programming language, called Stylo.

Firefox 57 “Quantum” is the first web browser to utilize the power of multicore processors and offers 2x times faster browsing experience while consuming 30 percent less memory than Google Chrome.

This time the popular commenting system has fallen victim to a massive security breach.

Disqus, the company which provides a web-based comment plugin for websites and blogs, has admitted that it was breached 5 years ago in July 2012 and hackers stole details of more than 17.5 million users.

The stolen data includes email addresses, usernames, sign-up dates, and last login dates in plain text for all 17.5 million users.

What’s more? Hackers also got their hands on passwords for about one-third of the affected users, which were salted and hashed using the weak SHA-1 algorithm.

The company said the exposed user information dates back to 2007 with the most recently exposed from July 2012.

According to Disqus, the company became aware of the breach Thursday (5th October) evening after an independent security researcher Troy Hunt, who obtained a copy of the site’s information, notified the company.

Within about 24 hours, Disqus disclosed the data breach and started contacting its affected users, forcing them to reset their passwords as soon as possible.

“No plain text passwords were exposed, but it is possible for this data to be decrypted (even if unlikely). As a security precaution, we have reset the passwords for all affected users. We recommend that all users change passwords on other services if they are shared,” Disqus’ CTO Jason Yan said in a blog post.

However, since late 2012 Disqus has made other upgrades to improve its security and changed its password hashing algorithm to Bcrypt—a much stronger cryptographic algorithm which makes it difficult for hackers to obtain user’s actual password.

“Since 2012, as part of normal security enhancements, we have made significant upgrades to our database and encryption to prevent breaches and increase password security, Yan said. “Specifically, at the end of 2012, we changed our password hashing algorithm from SHA1 to bcrypt.”

In addition to resetting your password, you are also advised to change your passwords on other online services and platforms as well, if you share the same credentials.

It is most likely that hackers could use this stolen information in tandem with social engineering techniques to gain further information on victims. So, you are advised to beware of spam and phishing emails carrying malicious file attachments.

It is still unclear how hackers get hands-on Disqus data. San Francisco-based Disqus is still actively investigating this security incident.

Another day, another data breach. This time Amazon-owned grocery chain has fallen victim to a credit card security breach.

Whole Foods Market—acquired by Amazon for $13.7 billion in late August—disclosed Thursday that hackers were able to gain unauthorized access to credit card information for its customers who made purchases at certain venues like taprooms and full table-service restaurants located within some stores.

Whole Foods Market has around 500 stores in the United States, United Kingdom, and Canada.

The company did not disclose details about the targeted locations or the total number of customers affected by the breach, but it did mention that hackers targeted some of its point-of-sale (POS) terminals in an attempt to steal customer data, including credit details.

The company also said people who only shopped for groceries at Whole Foods were not affected, neither the hackers were able to access Amazon transactions in the security breach.

Instead, only certain venues such as taprooms and table-service restaurants located within its stores—which use a separate POS system—were impacted.

Whole Foods Market has hired a cybersecurity firm to help it investigate the credit card breach and contacted law enforcement authorities of this incident.

“When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cybersecurity forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue,” Whole Foods said in a statement on its website.

The company is also encouraging its customers to closely monitor their credit card statements and “report any unauthorized charges to the issuing bank.”

According to Whole Foods Market, none of the affected systems being investigated are, in any way, connected to Amazon.com systems.

Whole Foods Market has become the latest of the victim of the high-profile cyber attack. Earlier this month, Global tax and auditing firm Deloitte suffered a cyber attack that resulted in the theft of private emails and documents of some of its clients.

Also last week, the U.S. Securities and Exchange Commission (SEC) also disclosed that unknown hackers managed to hack its financial document filing system and illegally profited from the stolen information.

Another day, another data breach. This time one of the world’s “big four” accountancy firms has fallen victim to a sophisticated cyber attack.

Global tax and auditing firm Deloitte has confirmed the company had suffered a cyber attack that resulted in the theft of confidential information, including the private emails and documents of some of its clients.

Deloitte is one of the largest private accounting firms in the U.S. which offers tax, auditing, operations consulting, cybersecurity advisory, and merger and acquisition assistance services to large banks, government agencies and large Fortune 500 multinationals, among others.

The global accountancy firm said Monday that its system had been accessed via an email platform from October last year through this past March and that “very few” of its clients had been affected, the Guardian reports.

The firm discovered the cyber attack in March, but it believes the unknown attackers may have had access to its email system since October or November 2016.

Besides emails, hackers also may have had potential access to “usernames, passwords, IP addresses, architectural diagrams for businesses and health information.”

“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a Deloitte spokesperson told the newspaper.

“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.“

Deloitte’s internal investigation into the cyber incident is still ongoing, and the firm has reportedly informed only six of its clients that their information was “impacted” by the breach.

Moreover, last week the U.S. Securities and Exchange Commission (SEC) also disclosed that hackers managed to hack its financial document filing system and illegally profited from the stolen information.

Vevo is a joint venture between Sony Music Entertainment, Universal Music Group, Abu Dhabi Media, Warner Music Group, and Google’s parent company Alphabet Inc.

OurMine managed to get hold of Vevo’s “sensitive” data including its internal office documents, videos and promotional materials after the hacking collective successfully hacked into the Vevo servers.

The group then posted the stolen documents (approximately 3.12 terabytes) from Vevo on its website on late Thursday, though OurMine removed the stolen information from its website on Vevo’s request.

Although it’s not clear what prompted OurMine to hack Vevo, the group noted on its website that it initially tried to alert Vevo of the breach privately, but when one of the Vevo’s employees responded, “F*** off, you don’t have anything,” it went public with the data breach and leaked Vevo files.

The breach was first reported by Dell Cameron of Gizmodo, who said the leaked Vevo content seems “pretty mild,” which contained “weekly music charts, pre-planned social media content, and various details about the artists under the record companies’ management.”

It’s not clear for how long the hackers have been accessing the Vevo system, how they managed to gain access to its server, or whether they have held on other additional information, like financial, emails, and passwords.

Vevo has confirmed the security incident, saying the company “can confirm that Vevo experienced a data breach as a result of a phishing scam via Linkedin. We have addressed the issue and are investigating the extent of exposure.”

The company also confirmed the breach had not impacted the security of its United Kingdom office.

OurMine is a Saudi Arabian group of self-proclaimed white hat hackers which markets itself by taking over sites and social media accounts of high-profile targets and then encourages them to contact them to buy their IT security service in an effort to protect themselves from future cyber attacks.

There is no indication of WikiLeaks servers and website been compromised, instead it seems their website has been redirected to a hacker-controlled server using DNS poisoning attack.

In DNS poisoning attack, also known as DNS spoofing, an attacker gets control of the DNS server and changes a value of name-servers in order to divert Internet traffic to a malicious IP address.

Shortly after the defacement, the site administrators regained access to their DNS server and at the time of writing, the WikiLeaks website is back online from its official legitimate servers.

OurMine is a Saudi Arabian group of hackers which claims to be a “white hat” security firm.

The group markets itself by taking over social media accounts of high-profile targets and then encourages them to contact the hacking group to buy its IT security service in an effort to protect themselves from future cyber attacks.

The Game of Thrones hacking saga continues, but this time it’s the HBO’s and GOT’s official Twitter and Facebook accounts got compromised, rather than upcoming episodes.

As if the leak of episodes by hackers and the accidental airing of an upcoming episode of Game of Thrones by HBO itself were not enough, a notorious group of hackers took over the official Twitter and Facebook accounts for HBO as well as Game of Thrones Wednesday night.

The hacker group from Saudi Arabia, dubbed OurMine, claimed responsibility for the hack, posting a message on both HBO’s official Twitter and Facebook accounts, which read:

“Hi, OurMine are here, we are just testing your security, HBO team, please contact us to upgrade the security,” followed by a contact link for the group.

This message was followed by another one, wherein hackers asked people to make the hashtag #HBOhacked trending on Twitter, which it did.

Ourmine is the same group of hackers from Saudi Arabia that previously compromised social media accounts of major companies CEOs, including Twitter CEO Jack Dorsey, Facebook CEO Mark Zuckerberg, Google CEO Sundar Pichai, and Facebook-owned virtual reality company Oculus CEO Brendan Iribe.

In most of the cases, Ourmine hackers gain access to the social media accounts by credentials exposed in previous, publicly known data breaches.

However, the hacking group does not seem to ever go beyond just demonstrating its ability to take over the account, without doing much damage to the accounts or its protected information.

OurMine offers companies security against hacking, charging up to $5,000 for a “scan” of their social media accounts, site security holes, and other security vulnerabilities, and advertises its commercial services by breaking into famous accounts.

HBO managed to remove the offending tweets shortly after the hackers posted them.

Just yesterday, in a devastating blunder, HBO Spain accidentally aired Episode 6 of Game of Thrones season 7 five days prior to its official premiere.

The popular entertaining company is also facing a threat from hacker or group of hackers who claimed to have obtained nearly 1.5 terabytes of information from HBO.

Over two weeks ago, the unknown hackers dropped episodes of “Ballers” and “Room 104,” along with a script of the fourth episode of Game of Thrones on the internet.

This leak was followed by another dump of a half-gigabyte sample of stolen data, including the company’s emails, employment agreements, balance sheets, and the script of the upcoming GOT episode, demanding a ransom—nearly $6 Million in Bitcoins.

Although it was revealed that the company offered hackers $250,000 for extending the ransom payment deadline by one week, the proposal apparently failed to satisfy hackers, and they threatened to release more data every Sunday until the full ransom was paid.